Cybersecurity

Cybersecurity
WEF: 94% of Organizations Name AI as Top Cybersecurity Change Driver
A WEF report finds 94% of enterprise security leaders call AI the top change driver, but warns data quality gaps risk producing false alerts and ...
CVE Vulnerability Alerts
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
Microsoft Defender confirmed limited in-the-wild exploitation of Dirty Frag CVE-2026-43284 in Linux, a deterministic LPE chain targeting xfrm-ESP and RxRPC page caches. Patches available for ...
Cybersecurity
FCC Extends Foreign Router Update Window to 2029 Amid Volt Typhoon
The FCC extended security update support for banned Chinese-made routers to 2029, citing Volt Typhoon threat concerns and risk of unpatched network devices.
Cybersecurity
Skoda Online Shop Breach Exposes Customer Data and Password Hashes
Skoda Auto disclosed a breach of its online shop portal that exposed customer names, addresses, email addresses, and password hashes to unauthorized access.
Cybersecurity
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
SOCRadar uncovered Operation HookedWing, a 4-year credential-harvesting campaign that compromised 2,000+ accounts across 500+ organizations in aviation, energy, government, and critical infrastructure using GitHub-hosted phishing ...
Application Security
cPanel Patches Three CVEs as Sorry Ransomware Hits 44K Servers
cPanel released a second emergency patch in ten days — CVE-2026-29202 and CVE-2026-29203 enable code execution — as Sorry ransomware hits 44,000 servers.
Application Security
Checkmarx Jenkins Plugin Backdoored in TeamPCP Supply Chain
TeamPCP backdoored the Checkmarx Jenkins AST scanner plugin in a third supply chain wave, following March Trivy and April KICS attacks. Version 2026.5.09 was compromised; ...
Cybersecurity
University Student’s TETRA Replay Attack Halts Taiwan Bullet Train
A Taiwan university student used cheap radio equipment to replay TETRA signals, disabling the island's high-speed rail network for nearly an hour in 2026.
Application Security
Five Malicious NuGet Packages Target Chinese .NET Developers
Socket discovered five NuGet packages typosquatting Chinese .NET UI libraries — IR.DantUI, IR.OscarUI, and three more — amassing 65,000 downloads while stealing credentials from 12 ...
Cybersecurity
QLNX Fileless Linux RAT Combines eBPF Rootkit, PAM Backdoor
QLNX is a fileless Linux RAT using eBPF rootkit and PAM backdoor to steal npm, PyPI, AWS, and GitHub tokens from developer hosts with near-zero ...